Swift, the inter-bank messaging system embroiled in one of the largest cyber heists in history, warned customers that hackers have struck again, attacking a commercial bank client that it didn’t name.
The details of a second hack follow a cyber theft in February, when more than US$80 million was stolen from Bangladesh’s account at the Federal Reserve Bank of New York. Swift last month warned users last month that it was aware of several similar attacks.
This time, the hackers used malware to target a PDF reader used by the customer to check its statement messages, Swift said on Friday. A Swift spokesman declined to reveal the name of the bank, but a U.K.-based security firm, BAE Systems Plc, said in a blog post that it believes the second victim is a commercial bank in Vietnam. BAE isn’t directly involved in the investigation, but analyzed malware samples uploaded to public repositories from locations in both Bangladesh and Vietnam and found a match.
BAE said details in the code from the Bangladesh and Vietnam hacks also match a third breach, the devastating 2014 attack on Sony Pictures, which U.S. officials attributed to North Korea. BAE said the match indicates that the same hackers may be behind all three attacks.
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” Swift said in a statement. “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks –- knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”
In its warning, Swift said customers using PDF reader applications to check confirmation messages should take particular care. Hundreds of billions of dollars are moved internationally through the Swift system every day.